Even though the risk factor may not be the most critical of all known threats, Bots deserve special attention because of what they can do, and the fact that they can work in tandem with other brute force methods to allow the undesirable trend of making trouble and stealing data to escalate to unprecedented heights. Most people are familiar with the word Robot, derived from the Czechoslovakian word "Robota"…which means "work". Any software program that can automate a task or execute certain commands when receiving specific input, can be considered an intelligent agent, which is a term often used interchangeably with "software robot" or as they are known in tech-slang…a Bot. These software agents can display greetings and advertisements when people enter a chat room, or can perform specialized web searches as spiders or crawlers. Shopping agents, (shopping bots or shopbots) can assist in finding the lowest price on something you want to buy. So we have "Good Bots" that work at Web sites, performing tasks such as hunting down the best prices on airline tickets or sending a customer alert when a particular item's price drops. And we have malicious Bots --which were originally named remote access Trojan horses-and these allow someone to enter an infected PC and remotely use that compromised system to help them do their dirty work. Last April ('04), a new type of Bot appeared as a threat which found its way into Windows operating systems due to a vulnerability in a security component called the Local Security Authority Subsystem Service, or LSASS. This new Bot variant, known as Agobot (or Gaobot, according to Symantec), incorporated publicly available code for breaching systems. Agobot was able to seek out and place itself on vulnerable computers, where it allowed an attacker to send commands that the system would perform silently in the background while its owner worked away…oblivious to the problems. Through the process of infecting insufficiently patched PCs whenever they connected to chat rooms and file-sharing networks, so-called Bot networks were created that enabled Botmasters to control 2,000-10,000 strong (on average) collections of "Zombies" through encrypted peer-to-peer grids which could carry out instructions to send spam emails to further the spread of malware, install spyware and carry out denial of service attacks on particular websites. By comparison to Worm programs, Bot software is much harder to detect. Because Worms spread randomly and automatically create a lot of data traffic as they attempt to infect new hosts, they tend to be much more in the spotlight for network monitoring devices. Even on individual systems, worms create much more noticeable effects like hogging system resources or shutting down and rebooting the PC. Bots on the other hand, have little to no effect on the systems that they are installed on and are more likely to be commanded to search smaller networks for new systems to infect. This effectively reduces the amount of bandwidth that compromised servers produce and makes Bots significantly more difficult to detect. Because many US computer users still don't A) regularly run anti-virus software, B) update their security patches or C) use any other precautions such as firewall software, it's a given that the numbers of Bot infections won't just remain somewhere in the millions (as of last summer), but will continue to increase indefinitely. Next, we'll take a look at additional concerns about how versatile Bot software has become, by addressing hybrid methods including: - "pre-seeding" of worms - bulk email /spam distribution from Bot nets - breaking encryption and cracking passwords by using the computation power of distributed supercomputers created with Bot nets In the meantime, watch out for all those Zombies.